closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

DETAILED ACTION

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly
claiming the subject matter which the applicant regards as his invention.

Claim 26 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite
for failing to particularly point out and distinctly claim the subject matter which applicant
regards as the invention.

Claim 26 recites the limitation "the second type of triggering event" in line 3. 
There is insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(b) the invention was patented or described in a printed publication in this or a foreign country or in public
use or on sale in this country, more than one year prior to the date of application for patent in the United
States.

Claims 1-7, 12, 19-24, and 26 are rejected under 35 U.S.C. 102(b) as being
anticipated by Bruce Schneier's "Applied Cryptography", hereinafter referred to
as Schneier.

Regarding claim 1, Schneier discloses a method of generating a random number
for a cryptographic security subsystem of a processor-based device, the method
comprising the acts of (a) detecting occurrences of a first type of triggering event (page
426 lines 6-14); (b) writing one or more bits of data to a seed pool (or reservoir) upon
termination of the first type of triggering event (page 426 lines 8-9); and (c) repeating
acts (a) and (b) until (enough events have taken place) the seed pool is full (page 428
lines 16-18).



Regarding claim 2, Schneier further discloses the act of capturing one or more
bits of data from a free-running timer (most finely grained time-of-day clock, for example
the Intel 8254 clock chip) upon termination of the first type of triggering event (page 426
lines 27-34).

Regarding claim 3, Schneier further discloses that the first type of triggering
event has a variable duration (seemingly random events) (page 426 lines 7-8).



Regarding claims 4-6, Schneier further discloses that the processor-based
device is coupled to a communication link, and includes the act of receiving a
communication from the communication link (arrival times of network packets), the link
comprising a plurality of types (network, multimedia, etc.) (page 426 lines 14-27).

Regarding claim 7, Schneier further discloses (a) detecting occurrences of a
second type of triggering event (a whole lot of seemingly random events); (e) writing
one or more bits of data to the seed pool upon termination of the second type of
triggering event; and (f) repeating act (e) each time the second type of triggering event
is detected (for example, hashing together the sector number, time of day, and seek
latency for every disk operation) (page 426 lines 16-17).

Regarding claim 12, Schneier further discloses that the seed pool comprises a
state bit indicative of a state of the seed pool, and wherein the method comprises the
act of examining the state bit to determine whether the seed pool is full (waiting until
enough external random events have taken place before continuing) (page 428 lines
16-18).

Claim 19 is directed towards a device's implementation of the method of claim 1
and is rejected by similar rationale.

Claim 20 is directed towards a device's implementation of the method of claim 7 
and is rejected by similar rationale. 

Claim 21 is directed towards a device's implementation of the method of claim 2
and is rejected by similar rationale.

Claim 22 is directed towards a device's implementation of the method of claim 3
and is rejected by similar rationale.

Claim 23 is directed towards a device's implementation of the method of claim 4
and is rejected by similar rationale.

Claim 24 is directed towards a device's implementation of the method of claim 5
and is rejected by similar rationale.

Claim 26 is directed towards a device's implementation of the method of claim 11
and is rejected by similar rationale.

Claims 13-18, 25, and 27-32 are rejected under 35 U.S.C. 102(b) as being
anticipated by Utz et al., US Patent No. 5,680,131, hereinafter referred to as Utz.

Regarding claim 13, Utz discloses a method of initializing a seed pool for
generating a random number for a cryptographic security subsystem of a
processor-based device, the method comprising the acts of (a) writing a plurality of bits of data to a
seed pool (RS/PRNG), the plurality of bits of data having a signature (start) value (col. 5
lines 34-42; col. 6 lines 13-28); (b) detecting occurrences of a first type of triggering
event and (c) writing one or more bits of data to the seed pool upon termination of the
first type of triggering event, the one or more bits of data altering the signature value of
the seed pool (col. 6 lines 37-61); and (d) enabling the cryptographic security subsystem
when more than a predetermined portion of the signature value of the seed pool has
been altered (col. 7 line 61 thru col. 8 line 13; col. 9 line 62 thru col. 10 line 16).

Regarding claims 14 and 15, Utz discloses wherein the first type of triggering
event comprises either a cycle of power applied to the processor-based device or a
reboot of the processor-based device (power-on reset circuit) (col. 5 lines 57-67).

Regarding claim 16, Utz discloses wherein act (c) comprises the act of masking
(serially combining) the one or more bits of data into the seed pool (col. 6 lines 57-61;
col. 5 line 22).

Regarding claim 17, Utz discloses wherein act (c) comprises the act of capturing
the one or more bits of data from a free-running timer (clock signals) (col. 5 lines 59-61).

Regarding claim 18, Utz discloses detecting a second type of triggering event;
determining if the seed pool is full; and writing one or more bits of data to the seed pool
upon termination of the second type of triggering event if the seed pool is not full (col. 3
lines 38-40; col. 11 lines 51-55).

Regarding claim 25, Utz discloses wherein the interface controller
comprises an RS232 interface controller (col. 7 lines 41-45; col. 10 lines 48-53).

Regarding claim 27, Utz discloses a processor-based device comprising: 
a host processing system, the host processing system comprising a processor
and a communications management system in communication with the host processing
system (col. 5 lines 52-67); and

a memory system in communication with the host processing system and the
communications management system, wherein the communications management
system comprises: an interface controller (col. 6 lines 8-12); a non-volatile memory
device to store a seed pool comprising a plurality of data bits (col. 5 lines 34-42); and

security logic in communication with the interface controller and the non-volatile
memory device, the security logic configured to establish a secure communication
session between the processor-based device and an external device in communication
with the processor-based device via the interface controller (col. 4 lines 47-60), and
wherein the security logic is configured to:

determine whether the plurality of data bits in the seed pool has at least a portion
of a signature value; and disable establishment of the secure communication session if
the plurality of data bits has at least a portion of the signature value (col. 9 line 62 thru
col. 10 line 16).

Regarding claim 28, Utz discloses wherein the security logic is configured to
detect a first type of triggering event, and to write one or more data bits to the seed pool
upon termination of the first type of triggering event (col. 6 lines 37-61).

Regarding claim 29, Utz discloses a main power supply to supply power to the
processor-based device, and wherein the first type of triggering event comprises a cycle
of the power supplied by the main power supply (power-on reset circuit) (col. 5 lines
57-67).

Regarding claims 30-31, Utz discloses wherein the security logic is configured to
detect a second type of triggering event; determine whether the seed pool is fully
populated; and write one or more data bits to the seed pool upon termination of the
second type of triggering event if the seed pool is not fully populated (col. 3 lines 38-40;
col. 11 lines 51-55) and wherein the second type of triggering event comprises receipt of
a communication from the external device via the interface controller (col. 3 lines 38-40;
col. 11 lines 51-55).

Regarding claim 32, Utz discloses wherein the interface controller comprises a
network interface controller (col. 7 lines 41-45; col. 10 lines 48-53).

Claim Rejections - 35 USC § 103 

Application/Control Number: 09/966,890
Art Unit: 2137

Claims 8-11 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Schneier as applied to claims 1-6 above, and further in view of Alfred J. Menezes,
Paul C. van Oorschot, and Scott A. Vanstone's "Handbook of Applied
Cryptography", hereinafter referred to as Menezes.



Claim 8 refers to the method of claim 7, wherein act (e) comprises masking the
one or more bits of data into the seed pool upon termination of the second type of
triggering event.

Schneier refers only to the method of claim 7 and fails to specifically mention 
masking the bits into the seed pool. 

Menezes describes sampling a number of distinct sources and combining those
sources using a complex mixing function such as a cryptographic hashing function
(page 172 lines 34-37).

It would have been obvious to a person of average skill in the area at the time of
the invention to include within Schneier the complex mixing function as described in
Menezes to distill the true random bits from the sample sequences and guard against
the possibility of a few of the sources failing, or being observed or manipulated by an
adversary.

Regarding claim 9, the combined system of Schneier and Menezes further
discloses that act (e) comprises capturing the one or more bits of data from a
free-running timer upon termination of the second type of triggering event (Schneier page
426 lines 37-34).

Regarding claim 10, the combined system of Schneier and Menezes further
discloses that the second type of triggering event is different than the first type of
triggering event (as many good sources of randomness as are available) (Menezes
page 172 lines 32-34, 37-38).

Regarding claim 11, the combined system of Schneier and Menezes further 
discloses that the second type of triggering event is a cycle of power applied to the 
processor-based device (Schneier page 426 lines 12-13). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Tamara Teslovich whose telephone number is
(571) 272-4241. The examiner can normally be reached on Mon-Fri 8-4:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Andrew Caldwell, can be reached on (571) 272-3868. The fax phone
number for the organization where this application or proceeding is assigned is
703-872-9306.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free).
T. Teslovich
June 14, 2005